After which everything is swell and I can log in to this instance of MySQL from the local machine. However, I can also log in from any other machine.

I have set up my firewall to filter everything except traffic coming in to specific ports ("hidden" SSH, HTTP, HTTPS), and this filtering does in fact seem to work; if I for example run a Django development server on port 1234 then I am able to connect from the local machine, but not from outside. So the firewall seems to be filtering packets when they're destined to a server that is running as a "plain" process, but not when the server is running inside a container.

1 Answer
1

Thanks to #docker IRC channel users Michael Crosby and Paul Czar I am now able to answer my own question. The problem lies in the fact that I ran the container like this:

docker run -p 3306:3306 asyncfi/magento-mysql

This publishes the container's port to all interfaces of the host machine, which is definitely not what I was looking for at this time. To bind only to localhost, it was necessary to run the container as follows:

docker run -p 127.0.0.1:3306:3306 asyncfi/magento-mysql

Also the EXPOSE line in Dockerfile is not necessary as the "expose" mechanism is used to link containers.